1. Field of the Embodiments
The present disclosure relates in general to digital network communications. Specifically, the present disclosure relates to secure data transmission and secure provision of remote application services in an open or closed network setting. More specifically, methods and integrated systems are provided in various embodiments for improving security, efficiency, access control, administrative monitoring, and reliability as well as integrity of data transmission and remote application sharing over a network. The disclosed methods and systems employ a datagram schema that enables dynamic datagram switching in network transactions that supports a multitude of applications and network services. Mobile intelligent data carriers are provided in various embodiments that allow for implementation of an authentication and encryption scheme that is transparent to a user. The pervasive, user-centric network security enabled by the disclosed methods and systems may be advantageously deployed in, among other things, the financial and banking environment, the national security and military information technology (IT) systems, the healthcare management networks, the IT infrastructure for legal and other professional consultation services, and various online commercial transaction systems. The systems and methods according to this disclosure may be implemented in connection with biometric and other suitable authentication means.
2. Description of the Related Art
The digital revolution, accompanied by globalization, is transforming people's lives in an unprecedented way. The growth and evolution of the Internet fuels the expansion of existing businesses while fostering the emergence of new enterprises across national lines. In today's global economy, the viability of a business or research institution turns in large part on its efficiency in processing and managing information. Data transmission and management is thus playing an increasingly vital role in a variety of industries. Not unexpectedly, engineers and business visionaries have been faced with a significant challenge to institute secure network systems that enable stable and efficient data transmission, effective access control, and remote sharing and management of application resources among distributed computers in service to multiple users.
Various network configurations have been in use in institutional IT infrastructures. Ethernet, token ring, and client-server architecture, for example, are widely adopted. Related technologies for data encryption and compression are similarly known and have been utilized to facilitate secure data transmission. However, the existing network systems frequently suffer from such problems as interception of data transactions and loss of network connections, among other things. Often, once a connection is lost, it is difficult to quickly restore it, let alone to accurately reestablish the parameters of the lost connection so as to ensure the integrity of the reconnection. Inevitably in these situations, data may be lost and data transmission will need to start over. And yet, sometimes, the loss may be permanent if one cannot trace and gather a threshold level of information to allow recovery. This lack of stability greatly compromises the fidelity of data transmission and thus poses a fatal problem for distributed data processing and management. Significant costs are incurred in coping with such failures in an institutional setting. In fact, an entire industry can be disadvantaged by such a problem, as manifested in the difficulties encountered in recent years by on-line electronic businesses.
The problem of unstable—hence unreliable—network communications is compounded by a want of comprehensive, robust, user-friendly, and cost-efficient network security solutions for safeguarding information dissemination and application management in a distributed enterprise IT environment. Consequently, private businesses and public institutions alike suffer significant financial losses from security breaches and uncoordinated information and application management. A great deal of money is also wasted on inefficient IT security solutions.
Drawbacks of the current network security solutions are manifold. In the main, four aspects are noteworthy. First, there is no integrated system that can secure an entire network without severely limiting business growth. Organizations are forced to employ a multiplicity of products from different vendors to fulfill different security functions. Each of these products solves only a discrete aspect of the overall network security needs. For example, a firewall does not encrypt data being transmitted across the Internet; an Intrusion Detection System (IDS) cannot validate and ensure that the person who enters an authorized login name and password to open a Virtual Private Network (VPN) connection is in fact the intended user; and a VPN does not help an IT department monitor user rights and access policies. Thus, no existing system or method is capable of singularly protecting every aspect of a network. Resorting to multiple security products from competing vendors, public and private enterprises alike are faced, at a minimum, with the problem of incompatibility. Maintaining a fluctuating number of peripheral security devices and software packages can also be extremely complex and overly expensive. And, on the whole, such a patchwork solution is less than effective in protecting the institutional IT framework.
Secondly, the existing focus is on securing devices and data. Such a system-centric approach fails to safeguard the point of access from the individual users who use the devices. This inherent problem with the current approach will become more and more conspicuous as the number of devices and the degree of user mobility increase—an inevitability as the world transitions into pervasive computing.
To appreciate the inherent flaws in system-centric systems, one can consider the various scenarios of cyber-crime. It is understood by an ordinary Internet user today that every single form of cyber-crime involves an attempt by the attacker to disguise its identity, whether by masquerading as someone else or by covering its trail over the routings. One reason such attacks too often succeed is that the techniques used today to establish and verify the user's identity are fallible. For example, most passwords are easy to break; they are often too obvious or are stored on a device that can be easily compromised. The existing infrastructure supporting digital certificates and public/private keys is also relatively easy to abuse. Therefore, the existing ways of identifying the users of a network device and securing the device vis-à-vis these users—hence system-centric—present inherent security liabilities. A high level of security can never be achieved when the identity of those who attempt to access the protected network cannot be effectively pinpointed. A major paradigm shift thus seems warranted for better network security. That is, the focal point needs to shift from protecting the devices and data to protecting the users. A true user-centric scheme for establishing and validating user identities—thereby enabling mobile access and event-based, user-centric security—is desirable.
Third, the existing IT security solutions are too complex for ordinary users. Average users are expected to perform complicated security procedures, which often results in errors and security lapses in the enterprise IT environment. For example, VPNs are not plug-and-play; they are not straightforward to install, operate, or maintain. Encrypting emails involves extra work, so very few ever bother to do it. Even selecting and remembering a good password is too much trouble for most average users. Relying on people who are not IT experts to perform complicated security procedures simply does not work. An ordinary user may find ways to bypass the security procedures or outright ignore them. Further, for many IT departments, maintaining and operating a deluge of software patches may drain the available resources and exceed their capacities. Therefore, an effective yet simple security paradigm is needed.
And finally, as in any other field, a certain inertia exists in the IT security industry. Changes and new methodologies are to some extent resisted. The existing way of doing things prevails and dominates the market for network security solutions, on both the provider and the consumer side. In this regard, the VPN is a useful example. Originally it was designed to provide a secure tunnel between two secure environments. The technology was then modified to meet the needs of remote or mobile users. It now relies on non-technical users to execute complex IT security procedures. Consequently, although the VPN still creates secure tunnels through the Internet, the client end can be easily—and frequently is—compromised. Such adherence to the existing technologies—and the band-aid approach connected thereto—leaves users with unsatisfactory solutions and at the same time significantly sets back the development of truly innovative systems and methods for securing network communications.
For the aforementioned reasons, there is a need for a new network security paradigm that delivers the desired reliability, efficiency, and user-friendliness. The kind of security solution that can sustain the needs of a distributed IT framework and support pervasive computing and information processing must address the shortcomings of the existing systems. A skilled network engineer or a learned user of business IT networks will be able to appreciate the importance of better IT security solutions. To that end, a brief review of the history of institutional computing and IT networks will be useful.
The first computers were mainframes. These complex monolithic devices required a protected environment to function properly. They could be operated only by skilled technicians who possessed highly specialized knowledge. Access to them was limited and they offered limited connectivity with other devices. As a result, they were easy to secure.
The advent of the personal computer (PC), the evolution of networking technology and, particularly, the recent explosive growth of the Internet transformed the way people use and relate to computers. The size of computer devices decreased. These machines became easily movable. User-friendly graphical interfaces made it possible for non-technical individuals to operate them. Computers were connected to create computer networks, allowing for fast and easy information and application sharing. The Internet brought network connectivity to its acme—true global connectivity that is affordable to the masses. In addition to desktop and laptop PCs, personal digital assistants (PDAs), Tablet PCs, and mobile phones grew popular with people who need network access while not in their home or office.
The rapid advance of technologies and expansion of business needs as such presented an unprecedented challenge for IT departments around the world. An ever-increasing amount of data—accessible from a vast number of devices—needs to be protected. And such protection must be instituted against the backdrop of broadband “always-on” connections. Also noteworthy are the regulatory initiatives in various countries addressing privacy and information ownership concerns over the Internet. Clearly, a network security solution that is technically robust and comprehensive from a business standpoint is needed, especially in view of the next inevitable phase of the IT evolution, one marked by pervasive computing. All analog devices are being and will be replaced by digital counterparts. Televisions, telephones, CDs and DVDs, cameras, video cameras, and computer game platforms alike will—if they do not already—all support Internet access. As data access becomes possible everywhere and all the time, the need for protecting proprietary corporate data and sensitive private information becomes more pressing, and the level of difficulty in meeting such needs correspondingly rises.
In sum, reflecting on the evolution of the organizational IT infrastructure and the current deficiencies in secure network communications, one of ordinary skill in the art will appreciate the need for systems and methods that improve the security, stability, efficiency, and flexibility of network data transmission and, connected thereto, the need for a new network paradigm for secure and reliable enterprise information management and application sharing.